Talos Vulnerability Report

TALOS-2015-0064

Network Time Protocol Reference Clock Memory Corruption Vulnerability

October 21, 2015

CVE Number

CVE-2015-7853

Description

A potential buffer overflow vulnerability exists in the refclock of ntpd. An invalid length provided by a hardware reference clock could cause a buffer overflow, potentially resulting in memory being modified. A malicious refclock could provide a negative length to trigger this vulnerability.

However, the size check is performed by casting the size of the buffer to an integer type and doing a signed integer comparison. This means that if datalen is negative, then i will be assigned a negative value, resulting in a buffer overflow when it is used as an argument to read at line 3238.
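
The comparison described above, reduced to a self-contained C sketch. This is an added example, not ntpd's source: recv_space, RECV_SPACE and the function names are assumptions, and returning 0 for a negative length is one possible hardening rather than the project's own fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RECV_SPACE 512                 /* assumed buffer size (illustrative) */
static char recv_space[RECV_SPACE];    /* stand-in for the receive buffer */

/* Flawed pattern: the buffer size is cast to int and compared as a signed
 * value. A negative datalen is never "greater than" the size, so it is
 * assigned to i unchanged. */
static int len_signed_check(int datalen)
{
    int i = (datalen > (int)sizeof(recv_space))
                ? (int)sizeof(recv_space)
                : datalen;
    return i;
}

/* read(2) takes a size_t count, so a negative int is converted to a very
 * large unsigned value at the call site. */
static size_t count_passed_to_read(int i)
{
    return (size_t)i;
}

/* Hardened form: reject negative lengths before any conversion, then
 * compare in the unsigned domain. The result is always <= sizeof buffer. */
static size_t len_checked(int datalen)
{
    if (datalen < 0)
        return 0;                      /* invalid: caller skips the read */
    if ((size_t)datalen > sizeof(recv_space))
        return sizeof(recv_space);
    return (size_t)datalen;
}

int main(void)
{
    int samples[] = { 100, 4096, -1 }; /* constructed driver-supplied lengths */
    for (size_t k = 0; k < sizeof(samples) / sizeof(samples[0]); k++) {
        int i = len_signed_check(samples[k]);
        printf("datalen=%d signed-check i=%d read count=%zu hardened=%zu\n",
               samples[k], i, count_passed_to_read(i),
               len_checked(samples[k]));
    }
    return 0;
}
```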